search for: lnffvg

In my DC, without setting explicitly a 'winbind default domain', i can check logins domainless: root at vdcsv1:~# id gaio uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administr...

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

...up (i'm short in fantasy, today ;) and i've created an 'mta' user, both user and group in 'Restricted' OU, of course. And i've added 'mta' to 'Restricted' group. Clearly, in an DC, a xID get assigned to group: root at vdcsv1:~# getent group Restricted LNFFVG\restricted:x:3000026: but by the same way 'mta' user get by default the 'Domain Users' group (and others, seems): root at vdcsv1:~# getent passwd mta LNFFVG\mta:*:3000025:10513:MTA Restricted:/home/mta:/bin/bash root at vdcsv1:~# id mta uid=3000025(LNFFVG\mta) gid=10513(LNFFVG...

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! I've tried some escape tecniques for...

...guest = Bad User max log size = 5000 netbios aliases = CUPSSV FILESV HOMESV panic action = /usr/share/samba/panic-action %d printcap name = cups realm = AD.FVG.LNF.IT security = ADS username map = /etc/samba/user.map winbind offline logon = Yes winbind use default domain = Yes workgroup = LNFFVG spoolss: architecture = Windows x64 rpc_daemon:spoolssd = fork rpc_server:spoolss = external idmap config lnffvg : unix_nss_info = yes idmap config lnffvg : schema_mode = rfc2307 idmap config lnffvg : range = 10000-49999 idmap config lnffvg : backend = ad idmap config * : range = 5000-9999...

...0, 0), class=auth] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [MALCOBB$@AD.FVG.LNF.IT] [2018/02/08 12:21:49.457896, 10, pid=2619, effective(0, 0), real(0, 0), class=auth] ../source3/auth/user_krb5.c:83(get_user_from_kerberos_info) Domain is [LNFFVG] (using PAC) [2018/02/08 12:21:49.457938, 4, pid=2619, effective(0, 0), real(0, 0)] ../source3/auth/user_util.c:362(map_username) Scanning username map /etc/samba/user.map [2018/02/08 12:21:49.457980, 10, pid=2619, effective(0, 0), real(0, 0)] ../source3/auth/user_util.c:196(user_in_list)...

Hai Marco, The idmap config part. The this for the member. ## map id's outside to domain to tdb files. idmap config *: backend = tdb idmap config *: range = 5000-9999 ## map ids from the domain and (*) the range may not overlap ! idmap config LNFFVG: backend = ad idmap config LNFFVG: schema_mode = rfc2307 idmap config LNFFVG: range = 10000-49999 idmap config LNFFVG: unix_nss_info = yes idmap config LNFFVG: unix_primary_group = yes And about : [2018/09/04 16:37:11.137151, 0] ../lib/param/loadparm.c:398(lp_bool) lp_bool(y...

...ba/log.%m map to guest = Bad User panic action = /usr/share/samba/panic-action %d printcap name = /dev/null realm = AD.FVG.LNF.IT security = ADS syslog = 0 username map = /etc/samba/user.map usershare max shares = 0 winbind offline logon = Yes winbind use default domain = Yes workgroup = LNFFVG idmap config lnffvg : unix_primary_group = yes idmap config lnffvg : unix_nss_info = yes idmap config lnffvg : schema_mode = rfc2307 idmap config lnffvg : range = 10000-49999 idmap config lnffvg : backend = ad idmap config * : range = 5000-9999 idmap config * : backend = tdb printing = bsd...

...y found a little strange thing, i think related to the fact > that in my DM i've set 'winbind use default domain = yes'. > > > Folowing the wiki, i've enabled offline logon and then done: > > ['smbcontrol winbind online' > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) credentials were put in: > FILE:/tmp/krb5cc_0 > > ['smbcontrol winbind offline'] > root at vdmsv1:~# wbinfo -K LNFFVG\\gai...

...domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H ldap://vdcsv1.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(&(objectClass=user)(sAMAccountName=gaio))" | egrep -i "(unixhome|shell)" loginShell: /bin/bash unixHomeDirectory: /home/gaio smb.conf seems ok to me: root...

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

...name = cups realm = AD.FVG.LNF.IT security = ADS socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15 syslog = 0 username map = /etc/samba/user.map usershare max shares = 0 winbind offline logon = Yes winbind use default domain = Yes wins support = Yes workgroup = LNFFVG spoolss: architecture = Windows x64 rpc_daemon:spoolssd = fork rpc_server:spoolss = external idmap config lnffvg : unix_primary_group = yes idmap config lnffvg : unix_nss_info = yes idmap config lnffvg : schema_mode = rfc2307 idmap config lnffvg : range = 10000-49999 idmap config lnffvg : b...

Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)

..., it is if I > haven't been anywhere. This is what i supposed to work mee too. Seems not. You have also your user in /etc/passwd? O;-) > You seem to be doing something wrong ;-) Probably. But i don't understand what. Authentication works as expected: root at vdmsv2:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's password: plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 root at vdmsv2:~# smbcontrol winbind offline root at vdmsv2:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's p...

...tion: root at vdcsv1:~# samba-tool testparm Press enter to see a dump of your service definitions # Global parameters [global] netbios name = VDCSV1 realm = AD.FVG.LNF.IT server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = LNFFVG server role = active directory domain controller template homedir = /home/%U template shell = /bin/bash idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/ad.fvg.lnf.it/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No and i've c...

...;) and i've created an 'mta' user, both user and group > in 'Restricted' OU, of course. > And i've added 'mta' to 'Restricted' group. > > Clearly, in an DC, a xID get assigned to group: > > root at vdcsv1:~# getent group Restricted > LNFFVG\restricted:x:3000026: > > but by the same way 'mta' user get by default the 'Domain Users' group > (and others, seems): > > root at vdcsv1:~# getent passwd mta > LNFFVG\mta:*:3000025:10513:MTA Restricted:/home/mta:/bin/bash > root at vdcsv1:~# id mta >...

...estparm > Press enter to see a dump of your service definitions > > # Global parameters > [global] > netbios name = VDCSV1 > realm = AD.FVG.LNF.IT > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = LNFFVG > server role = active directory domain controller > template homedir = /home/%U > template shell = /bin/bash > idmap_ldb:use rfc2307 = yes > > [netlogon] > path = /var/lib/samba/sysvol/ad.fvg.lnf.it/scripts > read only = No > > [sysvol] > path =...

...39;root', where indeed password > does not match (and UNCI-UNCI\root does not exist ;). > > > What really does not understand is: > > a) why evidently in samba 4.5 this mapping get NOT done. > > b) i've tried to modify 'user.map' from: > > !root = LNFFVG\Administrator LNFFVG\administrator > Administrator administrator > > to > !root = LNFFVG\Administrator LNFFVG\administrator > > hoping in strict matching, but seems that match still get done (but > i've only reload smbd, not restarted it). > > > And, sorry ro...

...to work as expected. I've only found a little strange thing, i think related to the fact that in my DM i've set 'winbind use default domain = yes'. Folowing the wiki, i've enabled offline logon and then done: ['smbcontrol winbind online' root at vdmsv1:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's password: plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 ['smbcontrol winbind offline'] root at vdmsv1:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's passwor...

...y found a little strange thing, i think related to the fact > that in my DM i've set 'winbind use default domain = yes'. > > > Folowing the wiki, i've enabled offline logon and then done: > > ['smbcontrol winbind online' > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) > credentials were put in: FILE:/tmp/krb5cc_0 > > ['smbcontrol winbind offline'] > root at vdmsv1:~# wbinfo -K LNFFVG\\g...